[Snort-users] Snort Archive Database Creation Script

Paul Schmehl pauls at ...6838...
Fri Jul 30 23:43:04 EDT 2004

--On Friday, July 30, 2004 5:52 PM -0700 Charles Heselton 
<charles.heselton at ...11827...> wrote:

> Hi all.  Don't know if this question has been asked before.  I wasn't
> able to find too much on google or the list archive.
> I would like to be able to archive events picked up by my snort IDSs.
> Now, I know that ACID has this functionality.  But I also know that
> you have to have the database backend.  Does anyone know if 1) the DB
> setup script that comes with the snort package will work for the
> "snort-archive" db?

Yes, it will, but first you have to create the database.

> or 2) if there's a snort-archive db setup script
> that I missed in the package?

No, there is not.

> or 3) is there a 3rd-party script somewhere
> out there in userland?

There could be, but I'm not aware of one.

>  I'm not the most savvy mysql DBA, so it
> would be non-trivial for me to try to set up the db myself.

Then you're going to have to start reading.  Mysql.com has very good 
documentation, or you can buy a book on mysql.

To create a database, you log in to mysql:

% mysql -u root -p (you'll be prompted for the password)

Once you've logged in successfully, you'll need to create the database:

mysql > create database snort_archive; (or whatever you want to name it)

Then you have to grant rights to the database to the user that will be 
logging in:

mysql > grant select,insert,create,delete on snort_archive.* to 
user at ...274...;

Then exit:

mysql > quit;

Then you can create the tables for the database like this:

% mysql -u root -p snort_archive < /path/to/create_mysql

The create_mysql script comes with the snort distribution.

> Any guidance would be appreciated.

Hope this helps.

Paul Schmehl (pauls at ...6838...)
Adjunct Information Security Officer
The University of Texas at Dallas
AVIEN Founding Member
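
The create-and-grant steps from the reply above, collected into a script that validates its arguments before building SQL that will run as root. This is an added example, not part of the original message or the Snort distribution; the function names are hypothetical, the account `snort_arch` and host `localhost` in the usage comment are constructed placeholders, and the account is assumed to exist already.

```shell
#!/bin/sh
# Added example: print the SQL for the archive database so it can be
# reviewed first and then piped into the root mysql session.
#
# Usage (placeholder account and host):
#   sh archive_sql.sh snort_archive snort_arch localhost | mysql -u root -p
#   mysql -u root -p snort_archive < /path/to/create_mysql

# Database and account names: letters, digits and underscore only, so an
# argument cannot close the quoting and append further statements.
valid_ident() {
    case "$1" in
        ''|*[!A-Za-z0-9_]*) return 1 ;;
        *) return 0 ;;
    esac
}

# Host part of the account: additionally allow dots and dashes, but no
# wildcard (%), so the grant is tied to one named host.
valid_host() {
    case "$1" in
        ''|*[!A-Za-z0-9_.-]*) return 1 ;;
        *) return 0 ;;
    esac
}

# archive_sql DB USER HOST: prints the SQL on stdout, returns 1 on bad input.
archive_sql() {
    db=$1 user=$2 host=$3
    valid_ident "$db" && valid_ident "$user" && valid_host "$host" || {
        echo "archive_sql: rejected db/user/host argument" >&2
        return 1
    }
    printf 'CREATE DATABASE `%s`;\n' "$db"
    # Same privilege list as in the reply, scoped to the archive database.
    printf "GRANT SELECT, INSERT, CREATE, DELETE ON \`%s\`.* TO '%s'@'%s';\n" \
        "$db" "$user" "$host"
}

# Run only when called with the three arguments.
if [ "$#" -eq 3 ]; then
    archive_sql "$@"
fi
```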
